Next Page >>
xine/lib
===========================================================
Ubuntu Security Notice USN-710-1 January 26, 2009
xine-lib vulnerabilities
CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236,
CVE-2008-5237, CVE-2008-5238, CVE-2008-5239, CVE-2008-5240,
CVE-2008-5241, CVE-2008-5242, CVE-2008-5243, CVE-2008-5244,
CVE-2008-5246, CVE-2008-5248
===========================================================
A security issue affects the following Ubuntu releases:
===========================================================
Ubuntu Security Notice USN-635-1 August 06, 2008
xine-lib vulnerabilities
CVE-2008-0073, CVE-2008-0225, CVE-2008-0238, CVE-2008-0486,
CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1686,
CVE-2008-1878
===========================================================
A security issue affects the following Ubuntu releases:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: xine-lib: User-assisted execution of arbitrary code
Date: August 06, 2008
Bugs: #213039, #214270, #218059
ID: 200808-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: xine-lib: User-assisted execution of arbitrary code
Date: January 27, 2008
Bugs: #205197
ID: 200801-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: xine-lib: User-assisted execution of arbitrary code
Date: June 01, 2010
Bugs: #234777, #249041, #260069, #265250
ID: 201006-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: xine-lib: User-assisted execution of arbitrary code
Date: February 26, 2008
Bugs: #209106, #208100
ID: 200802-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Debian Security Advisory DSA-1586-1 security@debian.org
http://www.debian.org/security/ Devin Carraway
May 22, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xine-lib
Vulnerability : multiple
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-1482 CVE-2008-1686 CVE-2008-1878
#2008-008 multiple heap overflows in xine-lib
Description:
The xine free multimedia player suffers from a number of vulnerabilities
ranging in severity. The worst of these vulnerabilities results in
arbitrary code execution and the least, in unexpected process
termination.
===========================================================
Ubuntu Security Notice USN-746-1 March 26, 2009
xine-lib vulnerability
CVE-2009-0698, https://launchpad.net/bugs/322834
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Mandriva Linux Security Advisory MDVSA-2008:020
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : January 22, 2008
Affected: 2007.1, 2008.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
===========================================================
Ubuntu Security Notice USN-763-1 April 20, 2009
xine-lib vulnerabilities
CVE-2009-0698, CVE-2009-1274
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Mandriva Linux Security Advisory MDVSA-2008:178
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : August 20, 2008
Affected: 2008.0
_______________________________________________________________________
Problem Description:
_______________________________________________________________________
Problem Description:
Heap-based buffer overflow in the rmff_dump_cont function in
input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote
attackers to execute arbitrary code via the SDP Abstract attribute,
related to the rmff_dump_header function and related to disregarding
the max field. Although originally a xine-lib issue, also affects
MPlayer due to code similarity. (CVE-2008-0225)
Mandriva Linux Security Advisory MDVSA-2009:298
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : November 13, 2009
Affected: Corporate 3.0
_______________________________________________________________________
Problem Description:
#######################################################################
Luigi Auriemma
Application: xine-lib
http://xinehq.de
Versions: <= 1.1.11
Platforms: Linux, *BSD, Solaris, Irix, MacOSX, Windows and others
Bugs: A] heap-overflow in demux_flv
B] heap-overflow in demux_qt
parsing integer underflow.
Affected products:
The Movie player svn r29438 [1]
VLC media player <= 1.0.0 [2]
Possible others applications that use the xine lib code [3].
Discovred by:
tixxDZ <tixxdz at gmail dot com>
DZCORE Labs, Algeria
Mandriva Linux Security Advisory MDVSA-2009:299
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : November 13, 2009
Affected: 2009.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:319
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : December 5, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Debian Security Advisory DSA-1472-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 21, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xine-lib
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0225
SDL_sound <= 1.0.1
Speex <= 1.1.12 (speexdec)
Sweep <= 0.9.2
vorbis-tools <= 1.2.0
VLC Media Player <= 0.8.6f
xine-lib <= 1.1.11.1
XMMS speex plugin
Fixed version:
gstreamer-plugins-good, >= 0.10.8 (patched in CVS)
Debian Security Advisory DSA-1536-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
March 31, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xine-lib
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486
CVE-2008-1161
Mandriva Linux Security Advisory MDVSA-2008:124
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : June 26, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:020
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : January 21, 2009
Affected: 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
Title: MPlayer 1.0rc2 buffer overflow vulnerability
Advisory ID: CORE-2007-1218
Advisory URL: http://www.coresecurity.com/?action=item&id=2103
Date published: 2008-02-04
Date of last update: 2008-02-01
Vendors contacted: MPlayer and Xine team
Release mode: Coordinated release
*Vulnerability Information*
Mandriva Linux Security Advisory MDVSA-2008:046-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : February 20, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2008:046
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : February 15, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2008:177
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : August 20, 2008
Affected: 2008.1
_______________________________________________________________________
Problem Description:
reading subtitles, which has been reported as CVE-2007-6681 in GLSA
200803-13, was not properly fixed (CVE-2008-1881).
* Alin Rad Pop of Secunia reported an array indexing vulnerability in
the sdpplin_parse() function when processing streams from RTSP
servers in Xine code, which is also used in VLC (CVE-2008-0073).
* Drew Yao and Nico Golde reported an integer overflow in the
MP4_ReadBox_rdrf() function in the file libmp4.c leading to a
heap-based buffer overflow when reading MP4 files (CVE-2008-1489).
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the
Quicktime libraries have been removed from the package. Please use the
free alternative Quicktime implementations within VLC, MPlayer or Xine
for playback.
References
==========
Mandriva Linux Security Advisory MDKSA-2007:154
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-ui
Date : August 9, 2007
Affected: 2007.1
_______________________________________________________________________
Problem Description:
Next Page>>
|
